MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-6798	2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter_CVE-2026-6798 The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1...	2download	2Download Connector for 2DL Hosted Checkout	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-3640	STRABL <= 4.5 - Unauthenticated Arbitrary Webhook Creation via REST API Endpoint_CVE-2026-3640 The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin r...	strablengineering	STRABL – A checkout solution	Jun 19, 2026	CVE
MEDIUM 5.6	CVE-2026-8296	CVE-2026-8296_CVE-2026-8296 In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.	Octopus Deploy	Octopus Server 2023.0.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-56138	Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files_CVE-2026-56138 AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and ...	ail-project	ail-framework	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-12706	Ffmpeg: ffmpeg: heap use-after-free read in rasc decoder decode_move()_CVE-2026-12706 A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed ...	Red Hat	Red Hat Enterprise Linux AI (RHEL AI) 3	Jun 19, 2026	CVE
MEDIUM 5.6	CVE-2026-11941	Use-after-free in connection ID iterator and FFI functions_CVE-2026-11941 Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_iter_n...	Cloudflare	Quiche 0.20.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-49872	Apache APISIX: Improper authentication in cas-auth plugin_CVE-2026-49872 Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself ...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-49230	Apache APISIX: Authentication bypass in jwe-decrypt_CVE-2026-49230 Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to a...	Apache Software Foundation	Apache APISIX 3.8.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-48141	Memory leak in NI grpc-device BeginSidebandStream_CVE-2026-48141 There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-d...	NI	grpc-device	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-48140	Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream_CVE-2026-48140 There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and u...	NI	grpc-device	Jun 19, 2026	CVE